Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: David Howells <dhowells <at> redhat.com>
Subject: [PATCH 0/7] Introduce credentials [ver #2]
Newsgroups: gmane.linux.kernel.lsm
Date: Sunday 27th July 2008 14:02:08 UTC (over 9 years ago)
Hi James, Andrew, Stephen,

Here are the patches I'd suggest at least considering to send upstream now:

 (1) The fix for PF_SUPERPRIV to prevent task->flags from being corrupted
by
     __capable().

 (2) A patch to disperse linux/key_ui.h - it's unnecessary as keyfs went
away.

 (3) A patch to alter key instantiation to not alter the keyring
subscriptions
     of another process.

 (4) A patch to neuter sys_capset() so that it can't alter another
process's
     capabilities.

     Note that I've added in Andrew Morgan's suggestions to remove the use
of
     tasklist_lock to wrap the calls to the LSM capset hooks, and I've
removed
     the target pointer from those hooks.  These are unnecessary as capset
can
     only affect current from this patch on.

 (5) A patch to constify the kern_cap_t pointers in the capset security
hooks.

 (6) A patch to wrap most refs to fs[ug]id in macros so that COW creds can
be
     introduced later.

 (7) A patch to wrap most refs to e?[ug]id in macros so that COW creds can
be
     introduced later.

These patches are against the head of Linus's tree.  A tarball is available
here:

	http://people.redhat.com/~dhowells/cred-for-linus-2.tar.bz2

David
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 3ms